Data Protection Diaries Fundamental Point In Time Granularity Points of Interest

Companion to Software Defined Data Infrastructure Essentials – Cloud, Converged, Virtual Fundamental Server Storage I/O Tradecraft (CRC Press 2017)

By Greg Schulz, www.storageioblog.com, November 26, 2017

This is Part 5 of a multi-part series on Data Protection fundamental tools, topics, techniques, terms, technologies, trends, tradecraft and tips, as a follow-up to my Data Protection Diaries series, as well as a companion to my new book Software Defined Data Infrastructure Essentials – Cloud, Converged, Virtual Server Storage I/O Fundamental tradecraft (CRC Press 2017).

Click here to view the previous post Part 4 Data Protection Recovery Points (Archive, Backup, Snapshots, Versions), and click here to view the next post Part 6 Data Protection Security Logical Physical Software Defined.

Posts in the series include excerpts from Software Defined Data Infrastructure (SDDI) pertaining to data protection for legacy along with software defined data centers (SDDC), data infrastructures in general, along with related topics. In addition to excerpts, the posts also contain links to articles, tips, posts, videos, webinars, events and other companion material. Note that figure numbers in this series are those from the SDDI book and not in the order that they appear in the posts.

In this post the focus is on Data Protection points of granularity, addressing different layers and stack altitude (higher application and lower system level), from Chapter 10 among others.

Point-in-Time Protection Granularity Points of Interest

Figure 10.1 Recovery and consistency points

Figure 10.1 above is a refresh from previous posts about the role and importance of having various recovery points at different time intervals to enable data protection (and restoration). Building upon figure 10.1, figure 10.5 looks at different granularity of where and how data should be protected. Keep in mind that everything is not the same, so why treat everything the same with the same type of protection?

Figure 10.5 shows backup and Data Protection focus, granularity, and coverage. For example, at the top left is less frequent protection of the operating system, hypervisors, and BIOS, UEFI settings. At the middle left is volume, or device level protection (full, incremental, differential), along with various views on the right ranging from protecting everything, to different granularity such as file system, database, database logs and journals, and operating system (OS) and application software, along with settings.

Figure 10.5 Backup and data protection focus, granularity, and coverage

In Figure 10.5, note that the different recovery point focus and granularity also take into consideration application and data consistency (as well as checkpoints), along with different frequencies and coverage (e.g. full, partial, incremental, incremental forever, differential) as well as retention.

Tip – Some context is needed about object backup and backing up objects, which can mean different things. As mentioned elsewhere, objects refer to many different things, including cloud and object storage buckets, containers, blobs, and objects accessed via S3 or Swift, among other APIs. There are also database objects and entities, which are different from cloud or object storage objects.

Another context factor is that an object backup can refer to protecting different systems, servers, storage devices, volumes, and entities that collectively comprise an application such as accounting, payroll, or engineering, vs. focusing on the individual components. An object backup may, in fact, be a collection of individual backups, PIT copies, and snapshots that combined represent what’s needed to restore an application or system.

On the other hand, the content of a cloud or object storage repository (buckets, containers, blobs, objects, and metadata) can be backed up, as well as serve as a destination target for protection.

Backups can be cold and off-line like archives, as well as on-line and accessible. However, the difference between the two, besides intended use and scope, is granularity. Archives are intended to be coarser and less frequently accessed, while backups can be accessed more frequently and at finer granularity. Can you use a backup for an archive and vice versa? A qualified yes, as an archive could be a master gold copy such as an annual protection copy, in addition to functioning in its role as a compliance and retention copy. Likewise, a full backup set to long-term retention can provide and enable some archive functions.

Where To Learn More

Continue reading additional posts in this series of Data Infrastructure Data Protection fundamentals and companion to Software Defined Data Infrastructure Essentials (CRC Press 2017) book, as well as the following links covering technology, trends, tools, techniques, tradecraft and tips.

Additional learning experiences along with common questions (and answers), as well as tips can be found in Software Defined Data Infrastructure Essentials book.

What This All Means

A common theme in this series as well as in my books, webinars, seminars and general approach to data infrastructures, data centers and IT in general is that everything is not the same, so why treat it all the same? What this means is that there are differences across various environments, data centers, data infrastructures, applications, workloads and data. There are also different threat risk scenarios (e.g. threat vectors and attack surface if you like vendor industry talk) to protect against.

Rethinking and modernizing data protection means using new (and old) tools in new ways, stepping back and rethinking what to protect, when, where, why, how, with what. This also means protecting in different ways at various granularity, time intervals, as well as multiple layers or altitude (higher up the application stack, or lower level).

Get your copy of Software Defined Data Infrastructure Essentials here at Amazon.com, at CRC Press among other locations and learn more here. Meanwhile, continue reading with the next post in this series, Part 6 Data Protection Security Logical Physical Software Defined.

Ok, nuff said, for now.

Gs

Greg Schulz – Microsoft MVP Cloud and Data Center Management, VMware vExpert 2010-2017 (vSAN and vCloud). Author of Software Defined Data Infrastructure Essentials (CRC Press), as well as Cloud and Virtual Data Storage Networking (CRC Press), The Green and Virtual Data Center (CRC Press), Resilient Storage Networks (Elsevier) and twitter @storageio. Courteous comments are welcome for consideration. First published on https://storageioblog.com any reproduction in whole, in part, with changes to content, without source attribution under title or without permission is forbidden.

All Comments, (C) and (TM) belong to their owners/posters, Other content (C) Copyright 2006-2024 Server StorageIO and UnlimitedIO. All Rights Reserved. StorageIO is a registered Trade Mark (TM) of Server StorageIO.

AWS Announces New S3 Cloud Storage Security Encryption Features

Updated 1/17/2018

Amazon Web Services (AWS) recently announced new Simple Storage Service (AWS S3) encryption and security enhancements including Default Encryption, Permission Checks, Cross-Region Replication ACL Overwrite, Cross-Region Replication with KMS and Detailed Inventory Report. Another recent announcement by AWS is for PrivateLink endpoints within a Virtual Private Cloud (VPC).

AWS Service Dashboard

Default Encryption

Extending previous security features, you can now mandate that all objects stored in a given S3 bucket be encrypted without specifying a bucket policy that rejects non-encrypted objects. There are three server-side encryption (SSE) options for S3 objects: keys managed by S3, keys managed by AWS KMS, and SSE Customer (SSE-C) managed keys. These options provide more flexibility as well as control for different environments along with increased granularity. Note that encryption can be forced on all objects in a bucket by specifying a bucket encryption configuration. When an unencrypted object is stored in an encrypted bucket, it inherits the bucket's encryption, or alternatively the encryption specified by the PUT request.

AWS S3 Buckets

Permission Checks

There is now an indicator on the S3 console dashboard prominently showing which S3 buckets are publicly accessible. In the above image, some of my AWS S3 buckets are shown, including one that is public facing. Note in the image above how there is a notation next to buckets that are open to the public.

Cross-Region Replication ACL Overwrite and KMS

AWS Key Management Service (KMS) keys can be used for encrypting objects. Building on previous cross-region replication capabilities, now when you replicate objects across AWS accounts, a new ACL providing full access to the destination account can be specified.

Detailed Inventory Report

The S3 Inventory report (which can also be encrypted) now includes the encryption status of each object.
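One way to use that per-object encryption status for an audit, as an added example that is not from the original post or from AWS: it parses inventory CSV rows against the column list an inventory manifest carries in its `fileSchema` field and reports objects that are unencrypted or encrypted with a mode other than the required one. The bucket name, keys and rows are constructed sample data, and the function names are hypothetical.

```python
import csv
import io
from collections import Counter
from urllib.parse import unquote

# Values the inventory EncryptionStatus column is documented to carry.
KNOWN_STATUSES = {"SSE-S3", "SSE-C", "SSE-KMS", "NOT-SSE"}

# Constructed sample: a schema string in the style of manifest.json "fileSchema"
# and a few inventory rows. Inventory CSV files have no header row.
FILE_SCHEMA = "Bucket, Key, Size, LastModifiedDate, StorageClass, EncryptionStatus"
SAMPLE_CSV = '''"example-backups","db/2018-01-15/full.bak","1073741824","2018-01-15T02:00:11.000Z","STANDARD","SSE-KMS"
"example-backups","db/2018-01-15/incr-01.bak","52428800","2018-01-15T08:00:03.000Z","STANDARD","SSE-S3"
"example-backups","logs/year%3D2018/app.log","20480","2018-01-16T00:00:01.000Z","STANDARD","NOT-SSE"
"example-backups","exports/payroll.csv","4096","2018-01-16T09:30:45.000Z","STANDARD","NOT-SSE"
"example-backups","archive/2017-annual.tar","8589934592","2018-01-02T01:00:00.000Z","STANDARD_IA","SSE-C"
'''


def parse_inventory(file_schema, csv_text):
    """Turn headerless inventory CSV text into dicts keyed by the schema columns."""
    columns = [c.strip() for c in file_schema.split(",")]
    for needed in ("Key", "EncryptionStatus"):
        if needed not in columns:
            # EncryptionStatus is an optional inventory field; without it
            # there is nothing to audit, so fail loudly instead of guessing.
            raise ValueError(f"inventory schema has no {needed} column")
    rows = []
    for lineno, fields in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        if not fields:
            continue  # blank line
        if len(fields) != len(columns):
            raise ValueError(
                f"line {lineno}: expected {len(columns)} fields, got {len(fields)}")
        row = dict(zip(columns, fields))
        # Keys in CSV inventories are URL-encoded; decode before reporting.
        # Assumption: percent-decoding only (sample keys contain no spaces).
        row["Key"] = unquote(row["Key"])
        rows.append(row)
    return rows


def audit_encryption(rows, required_modes=None):
    """Classify objects by encryption status.

    required_modes: optional set such as {"SSE-KMS"}; encrypted objects using
    any other mode are listed under "wrong_mode".
    """
    report = {"counts": Counter(), "unencrypted": [], "wrong_mode": [], "unknown": []}
    for row in rows:
        status = row["EncryptionStatus"]
        report["counts"][status] += 1
        if status not in KNOWN_STATUSES:
            report["unknown"].append(row["Key"])      # review manually
        elif status == "NOT-SSE":
            report["unencrypted"].append(row["Key"])  # stored without SSE
        elif required_modes and status not in required_modes:
            report["wrong_mode"].append(row["Key"])   # encrypted, wrong key type
    return report


if __name__ == "__main__":
    result = audit_encryption(parse_inventory(FILE_SCHEMA, SAMPLE_CSV), {"SSE-KMS"})
    print("status counts:", dict(result["counts"]))
    for key in result["unencrypted"]:
        print("UNENCRYPTED:", key)
    for key in result["wrong_mode"]:
        print("NOT USING REQUIRED MODE:", key)
```

Objects written before default encryption was enabled on a bucket keep their original status, which is why a per-object report is still worth checking after the bucket setting is turned on.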

PrivateLink for AWS Services

PrivateLink enables AWS customers to access services from a VPC without using a public IP and without traffic having to go across the internet (i.e. it keeps traffic within the AWS network). PrivateLink endpoints appear as Elastic Network Interfaces (ENIs) with private IPs in your VPC and are highly available, resilient and scalable. Besides scaling and resiliency, PrivateLink eliminates the need for whitelisting of public IPs as well as managing internet gateways, NAT and firewall proxies to connect to AWS services (Elastic Cloud Compute (EC2), Elastic Load Balancer (ELB), Kinesis Streams, Service Catalog, EC2 Systems Manager). Learn more about AWS PrivateLink for services here, including VPC Endpoint Pricing here.

Where To Learn More

Learn more about related technology, trends, tools, techniques, and tips with the following links.

What This All Means

Common cloud concern considerations include privacy and security. AWS S3 among other industry cloud service and storage providers have had their share of not so pleasant news coverage involving security.

Keep in mind that data protection including security is a shared responsibility (and only you can prevent data loss). This means that the vendor or service provider has to take care of their responsibility making sure their solutions have proper data protection and security features by default, as well as extensions, and making those capabilities known to consumers.

The other part of shared responsibility is that consumers and users of cloud services need to know what the capabilities are, defaults and options as well as when to use various approaches. Ultimately it is up to the user of a cloud service to implement best practices to leverage cloud as well as their own on-premises technologies so that they can support data infrastructure that in turn protect, preserve, secure and serve information (along with their applications and data).

These are good enhancements by AWS to make their S3 cloud storage security encryption features available as well as provide options and awareness for users on how to use those capabilities.

Ok, nuff said, for now.

Gs

Chelsio Storage over IP and other Networks Enable Data Infrastructures

Chelsio and Storage over IP (SoIP) continue to enable Data Infrastructures from legacy to software defined virtual, container, cloud as well as converged. This past week I had a chance to visit with Chelsio to discuss data infrastructures, server storage I/O networking along with other related topics. More on Chelsio later in this post; however, for now let's take a quick step back and refresh what SoIP (Storage over IP) is, along with Storage over Ethernet (among other networks).

Various IT and Cloud Infrastructure Layers including Data Infrastructures

Server Storage over IP Revisited

There are many variations of SoIP, from network attached storage (NAS) file-based processing including NFS and SAMBA/SMB (aka Windows file sharing), among others. In addition there are various block options such as SCSI over IP (e.g. iSCSI), along with object access via HTTP/HTTPS, not to mention the buzzword bingo list of RoCE, iSER, iWARP, RDMA, DPDK, FTP, FCoE, iFCP, and SMB3 Direct, to name a few.

Who is Chelsio

For those who are not aware or need a refresher, Chelsio is involved with enabling server storage I/O by creating ASICs (Application Specific Integrated Circuits) that perform various functions, offloading those from the host server processor. What this means for some is a throwback to the early 2000s TCP Offload Engine (TOE) era, where processing to handle regular traffic along with iSCSI and other storage over Ethernet and IP could be accelerated.

Chelsio data infrastructure focus

Chelsio ecosystem across different data infrastructure focus areas and application workloads

As seen in the image above, certainly there is a server and storage I/O network play with Chelsio, along with traffic management, packet inspection, security (encryption, SSL and other offload), traditional, commercial, web, high performance compute (HPC) along with high profit or productivity compute (the other HPC). Chelsio also enables data infrastructures that are part of physical bare metal (BM), software defined virtual, container, cloud, serverless among others.

Chelsio server storage I/O focus

The above image shows how Chelsio enables initiators on server and storage appliances as well as targets via various storage over IP (or Ethernet) protocols.

Chelsio enabling various data center resources

Chelsio also plays in several different sectors from *NIX to Windows, Cloud to Containers, Various processor architectures and hypervisors.

Chelsio ecosystem

Besides diverse server storage I/O enabling capabilities across various data infrastructure environments, what caught my eye with Chelsio is how far they, and storage over IP have progressed over the past decade (or more). Granted there are faster underlying networks today, however the offload and specialized chip sets (e.g. ASICs) have also progressed as seen in the above and next series of images via Chelsio.

The above shows TCP and UDP acceleration; the following shows Microsoft SMB 3.1.1 performance, something important for Storage Spaces Direct (S2D) and Windows-based Converged Infrastructure (CI) along with Hyper Converged Infrastructure (HCI) deployments.

Chelsio software environments

Something else that caught my eye was iSCSI performance which in the following shows 4 initiators accessing a single target doing about 4 million IOPs (reads and writes), various size and configurations. Granted that is with a 100Gb network interface, however it also shows that potential bottlenecks are removed enabling that faster network to be more effectively used.

Chelsio server storage I/O performance

Moving on from TCP, UDP and iSCSI, NVMe and in particular NVMe over Fabric (NVMeoF) have become popular industry topics, so check out the following. One of my comments to Chelsio is to add host or server CPU usage to the following chart to help show the story and value proposition of NVMe in general to do more I/O activity while consuming less server-side resources. Let's see what they put out in the future.

Chelsio

Ok, so Chelsio does storage over IP, storage over Ethernet and other interfaces, accelerating performance, as well as regular TCP and UDP activity. One of the other benefits of what Chelsio and others are doing with their ASICs (or FPGAs by some) is to also offload processing for security among other topics. Given the increased focus around server storage I/O and data infrastructure security, from encryption to SSL and related usage that requires more resources, these new ASICs such as those from Chelsio help to offload various specialized processing from the server.

The customer benefit is that more productive application work can be done by their servers (or storage appliances). For example, if you have a database server, that means more productive database transactions per second per licensed software. Put another way, want to get more value out of your Oracle, Microsoft or other vendors' software licenses? Simple: get more work done per licensed server by offloading and eliminating waits or other bottlenecks.

Using offloads and removing server bottlenecks might seem like common sense; however, I’m still amazed at the number of organizations that are more focused on getting extra value out of their hardware vs. getting value out of their software licenses (which might be more expensive).

Where To Learn More

Learn more about related technology, trends, tools, techniques, and tips with the following links.

What This All Means

Data Infrastructures exist to protect, preserve, secure and serve information along with the applications and data they depend on. With more data being created at a faster rate, along with the size of data becoming larger, increased application functionality to transform data into information means more demands on data infrastructures and their underlying resources.

This means more server I/O to storage system and other servers, along with increased use of SoIP as well as storage over Ethernet and other interfaces including NVMe. Chelsio (and others) are addressing the various application and workload demands by enabling more robust, productive, effective and efficient data infrastructures.

Check out Chelsio and how they are enabling storage over IP (SoIP) to enable Data Infrastructures from legacy to software defined virtual, container, cloud as well as converged. Oh, and thanks Chelsio for being able to use the above images.

Ok, nuff said, for now.
Gs

Greg Schulz – Multi-year Microsoft MVP Cloud and Data Center Management, VMware vExpert (and vSAN). Author of Software Defined Data Infrastructure Essentials (CRC Press), as well as Cloud and Virtual Data Storage Networking (CRC Press), The Green and Virtual Data Center (CRC Press), Resilient Storage Networks (Elsevier) and twitter @storageio.

GDPR (General Data Protection Regulation) Resources Are You Ready?

Updated 6/29/17

What Is GDPR

If your initial response is that you are not in Europe and do not need to be concerned about GDPR, you might want to step back and review that thought. While it is possible that some organizations may not be affected by GDPR in Europe directly, there might be indirect considerations. For example, GDPR, while focused on Europe, has ties to other initiatives in place or being planned elsewhere in the world. Likewise, unlike earlier regulatory compliance that tended to focus on specific industries such as healthcare (HIPAA and HITECH) or financial (SARBOX, Dodd/Frank among others), these new regulations can be more far-reaching.

Where To Learn More

Acronis GDPR Resources

  • Acronis Outlines GDPR position

Quest GDPR Resources

Microsoft and Azure Cloud GDPR Resources

Do you have or know of relevant GDPR information and resources? Feel free to add them via comments or send us an email, however please watch the spam and sales pitches as they will be moderated.

What This All Means

Now is the time to start planning and preparing for GDPR if you have not done so and need to, as well as becoming more generally aware of it and other initiatives. One of the key takeaways is that while the word compliance is involved, there is much more to GDPR than just compliance as we have seen in the past. With GDPR and other initiatives, data protection becomes the focus, including privacy, protect, preserve, secure, serve as well as manage, have insight, awareness along with associated reporting.

Ok, nuff said (for now…).

Cheers
Gs

GDPR goes into effect May 25 2018 Are You Ready?

The new European General Data Protection Regulation (GDPR) goes into effect in a year, on May 25, 2018. Are you ready?

Why Become GDPR Aware

If your initial response is that you are not in Europe and do not need to be concerned about GDPR, you might want to step back and review that thought. While it is possible that some organizations may not be affected by GDPR in Europe directly, there might be indirect considerations. For example, GDPR, while focused on Europe, has ties to other initiatives in place or being planned elsewhere in the world. Likewise, unlike earlier regulatory compliance that tended to focus on specific industries such as healthcare (HIPAA and HITECH) or financial (SARBOX, Dodd/Frank among others), these new regulations can be more far-reaching.

GDPR Looking Beyond Compliance

Taking a step back, GDPR, as its name implies, is about general data protection including how information is protected, preserved, secured and served. This also includes taking safeguards to logically protect data with passwords, encryption among other techniques. Another dimension of GDPR is reporting and ability to track who has accessed what information (including when), as well as simply knowing what data you have.

What this means is that GDPR impacts users from consumers of social media such as Facebook, Instagram, Twitter, LinkedIn among others, to cloud storage and related services, as well as traditional applications. In other words, GDPR is not just for finance and healthcare; it is more far-reaching, making sure you know what data exists and taking adequate steps to protect it.

There is a lot more to discuss of GDPR in Europe as well as what else is being done in other parts of the world. For now being aware of initiatives such as GDPR and its broader scope impact besides traditional compliance is important. With these new initiatives, the focus expands from the compliance office or officers to the data protection office and data protection officer whose scope is to protect, preserve, secure and serve data along with associated information.

GDPR and Microsoft Environments

As part of generating awareness and help planning, I’m going to be presenting a free webinar produced by Redmond Magazine sponsored by Quest (who will also be a co-presenter) on June 22, 2017 (7AM PT). The title of the webinar is GDPR Compliance Planning for Microsoft Environments.

This webinar looks at the General Data Protection Regulation (GDPR) and its impact on Microsoft environments. Specifically, we look at how GDPR along with other future compliance directives impact Microsoft cloud, on-premises, and hybrid environments, as well as what you can do to be ready before the May 25, 2018 deadline. Join us for this discussion of what you need to know to plan and carry out a strategy to help address GDPR compliance regulations for Microsoft environments.

What you will learn during this discussion:

  • Why GDPR and other regulations impact your environment
  • How to assess and find compliance risks
  • How to discover who has access to sensitive resources
  • Importance of real-time auditing to monitor and alert on user access activity

This webinar applies to business professionals responsible for strategy, planning and policy decision-making for Microsoft environments along with associated applications. This includes security, compliance, data protection, system admins, architects and other IT professionals.

What This All Means

Now is the time to start planning and preparing for GDPR if you have not done so and need to, as well as becoming more generally aware of it and other initiatives. One of the key takeaways is that while the word compliance is involved, there is much more to GDPR than just compliance as we have seen in the past. With GDPR and other initiatives, data protection becomes the focus, including privacy, protect, preserve, secure, serve as well as manage, have insight, awareness along with associated reporting. Join me and Quest on June 22, 2017 7AM PT for the webinar GDPR Compliance Planning for Microsoft Environments to learn more.

Ok, nuff said, for now.

Cheers
Gs

Greg Schulz – Microsoft MVP Cloud and Data Center Management, VMware vExpert (and vSAN). Author Cloud and Virtual Data Storage Networking (CRC Press), The Green and Virtual Data Center (CRC Press), Resilient Storage Networks (Elsevier) and twitter @storageio. Watch for the spring 2017 release of his new book "Software-Defined Data Infrastructure Essentials" (CRC Press).

Welcome to the Data Protection Diaries

Updated 1/10/2018

This is a series of posts about data protection which includes security (logical and physical), backup/restore, business continuance (BC), disaster recovery (DR), business resiliency (BR) along with high availability (HA), archiving and related topic themes, technologies and trends.

Think of data protection like protect, preserve and serve information across cloud, virtual and physical environments spanning traditional servers, storage I/O networking along with mobile (ok, some IoT as well), SOHO/SMB to enterprise.

Getting started, taking a step back

Recently I have done a series of webinars and Google+ hangouts as part of the BackupU initiative brought to you by Dell Software (that’s a disclosure btw ;) ) that are vendor and technology neutral. Instead of the usual vendor product or technology focused seminars and events, these are about getting back to the roots, the fundamentals of what to protect when and why, then decide your options as well as different approaches (e.g. what tools to use when).

In addition over the past year (ok, years) I have also been doing other data protection related events, seminars, workshops, articles, tips, posts across cloud, virtual and physical from SOHO/SMB to enterprise. These are in addition to the other data infrastructure server and storage I/O stuff (e.g. SSD, object storage, software defined, big data, little data, buzzword bingo and others).

Keep in mind that in the data center or information factory everything is not the same as there are different applications, threat risk scenarios, availability and durability among other considerations. In this series like the cloud conversations among others, I’m going to be pulling various data protection themes together hopefully to make it easier for others to find, as well as where I know where to get them.

Some notes for an upcoming post in this series using my Livescribe about data protection

Data protection topics, trends, technologies and related themes

Here are some more posts to check out pertaining to data protection trends, technologies and perspectives:

Ok, nuff said (for now)

Cheers
Gs

Greg Schulz – Author Cloud and Virtual Data Storage Networking (CRC Press), The Green and Virtual Data Center (CRC Press) and Resilient Storage Networks (Elsevier)
twitter @storageio

All Comments, (C) and (TM) belong to their owners/posters, Other content (C) Copyright 2006-2024 Server StorageIO and UnlimitedIO LLC All Rights Reserved

Securing your information assets and data, what about your storage?

Recently I did a piece over at the site Information Security Buzz titled How Secure Is Your Data Storage? that takes a cursory look at securing your digital assets from a storage perspective. Keep in mind that data protection can mean many things to different people from various focus or technology domain perspectives. Likewise there are various threat risks to protect against, and not all of them are headline news making events.

data protection threat risk scenarios

Protecting data and data protection

Protecting your data or data protection is a diverse topic and not exclusive to just backup/restore, business continuance (BC), disaster recovery (DR), high availability (HA), durability, archiving, privacy and compliance (PCI, HIPAA, HITECH, SARBOX, etc.) or security (logical [encryption, access control, identity management] and physical).

In the broader scope and context of information infrastructures and data infrastructures, think of data protection as part of or enabling protect, process, preserve and serving of information in an effective way that does not introduce complexity or compromise your digital and physical assets.

Following is an excerpt from the piece over at Information Security Buzz:

The usual belief is that information behind firewalls and on storage attached to servers that have rights access control and find access, all is safe; hence no need to encrypt the real storage device.

There are a couple of other usual comments or statements that people make to me about encrypting storage devices: that it is too difficult due to lack of good key management, and the other is that people say the encryption algorithms are no good. Both can be valid points, particularly given what we are hearing with the NSA and other government activities. My usual response is a) have spare keys placed in safe trusted locations and b) do you lock the doors and windows on your home as somebody who really wants to get in probably can, hence need for multiple rings of security, however the encryption will deter the casual or more typical adversary.


Additional data protection topics and links

In addition to the above, also check out the following related items on the many different faces or facets of data protection.

Various StorageIO tips and articles from different venues: Via StateTech Magazine – 5 Tips for Factoring Software into Disaster Recovery Plans and Via the StorageIO fall November 2013 newsletter, Cloud and data protection perspectives.

Also via StorageIOblog: Data protection modernization, more than swapping out media and Cloud conversations: Has Nirvanix shutdown caused cloud confidence and data protection concerns? along with In the data center or information factory not everything is the same plus Securing data at rest and fast secure erase with SED’s.

Also check out the BackupU (www.software.dell.com/backupU) series of webinars and Google+ hangouts that I’m involved with about modernizing and rethinking data protection. Note that while Dell is the sponsor of these events, they are also vendor and technology neutral (that’s a disclosure btw fwiw ;) ).

Closing perspective, for now…


Only you can prevent data loss as it is a shared responsibility!

Ok, nuff said (for now)

Cheers gs

Greg Schulz – Author Cloud and Virtual Data Storage Networking (CRC Press), The Green and Virtual Data Center (CRC Press) and Resilient Storage Networks (Elsevier)
twitter @storageio

All Comments, (C) and (TM) belong to their owners/posters, Other content (C) Copyright 2006-201

EMC VMAX 10K, looks like high-end storage systems are still alive


This is the first in a multi-part series of posts looking at whether large enterprise and legacy storage systems are dead, along with what today’s EMC VMAX 10K updates mean.

EMC has announced an upgrade, refresh or new version of their previously announced Virtual matrix (VMAX) 10,000 (10K), part of the VMAX family of enterprise class storage systems formerly known as DMX (Direct Matrix) and Symmetrix. I will get back to more coverage on the VMAX 10K and other EMC enhancements in a few moments in part two and three of this series.

Have you heard the industry myth about the demise or outright death of traditional storage systems? This has been particularly the case for high-end enterprise class systems, which by the way were first declared dead back in the mid-1990s, then at the hands of emerging mid-range storage systems.

Enterprise class storage systems include EMC VMAX, Fujitsu Eternus DX8700, HDS, HP XP P9000 based on the HDS high-end product (OEM from HDS parent Hitachi Ltd.). Note that some HPers or their fans might argue that the P10000 (formerly known as 3PAR) declared as tier 1.5 should also be on the list; I will leave that up to you to decide.

Let us not forget the IBM DS8000 series (whose predecessors were known as the ESS and VSS before that), although some IBMers will tell you that XIV should also be in this list. High-end enterprise class storage systems such as those mentioned above are not alone in being declared dead at the hands of new all solid-state devices (SSD) and their startup vendors, or mixed and hybrid-based solutions.

Some are even declaring dead due to new SSD appliances or systems, and by storage hypervisor or virtual storage array (VSA) the traditional mid-range storage systems that were supposed to have killed off the enterprise systems a decade ago (hmm, DejaVu?).

The mid-range storage systems include among others block (SAN and DAS) and file (NAS) systems from Data Direct Networks (DDN), Dell Compellent, EqualLogic and MD series (NetApp Engenio based), EMC VNX and Isilon, Fujitsu Eternus, and HDS HUS mid-range formerly known as AMS. Let us not forget about HP 3PAR or P2000 (DotHill based) or P6000 (EVA which is probably being put out to rest). Then there are the various IBM products (their own and what they OEM from others), NEC, NetApp (FAS and Engenio), Oracle and Starboard (formerly known as Reldata). Note that there are many startups that could be in the above list as well if they were not declaring the above to be dead, thus causing themselves to be extinct as well, how ironic ;).

What are some industry trends that I am seeing?

  • Some vendors and products might be nearing the ends of their useful lives
  • Some vendors, their products and portfolios continue to evolve and expand
  • Some vendors and their products are moving into new or adjacent markets
  • Some vendors are refining where and what to sell when and to who
  • Some vendors are moving up market, some down market
  • Some vendors are moving into new markets, others are moving out of markets
  • Some vendors are declaring others dead to create a new market for their products
  • One size or approach or technology does not fit all needs, avoid treating all the same
  • Leverage multiple tools and technology in creative ways
  • Maximize return on innovation (the new ROI) by using various tools, technologies in ways to boost productivity, effectiveness while removing complexity and cost
  • Realization that cutting cost can result in reduced resiliency, thus look for and remove complexity with benefit of removing costs without compromise
  • Storage arrays are moving into new roles, including as back-end storage for cloud, object and other software stacks running on commodity servers to replace JBOD (DejaVu anyone?).

Keep in mind that there is a difference between industry adoption (what is talked about) and customer deployment (what is actually bought and used). Likewise there is technology based on GQ (looks and image) and G2 (functionality, experience).

There is also an industry myth that SSD cannot or has not been successful in traditional storage systems which in some cases has been true with some products or vendors. Otoh, some vendors such as EMC, NetApp and Oracle (among others) are having good success with SSD in their storage systems. Some SSD startup vendors have been more successful on both the G2 and GQ front, while some focus on the GQ or image may not be as successful (or at least yet) in the industry adoption vs. customer deployment game.

For the above mentioned storage systems vendors and products (among others), or at least for most of them, there is still plenty of life in them, granted their role and usage are changing, including in some cases being found as back-end storage systems behind servers running virtualization, cloud, object storage and other storage software stacks. Likewise, some of the new and emerging storage systems (hardware, software, valueware, services) and vendors have bright futures while others may end up on the where are they now list.

Are high-end enterprise class or other storage arrays and systems dead at the hands of new startups, virtual storage appliances (VSA), storage hypervisors, storage virtualization, virtual storage and SSD?


Here are links to two polls where you can cast your vote.

Cast your vote and see results of if large storage arrays and systems are dead here.

Cast your vote and see results of if SSD has not been successful in storage systems.

So what about it, are enterprise or large storage arrays and systems dead?

Perhaps in some tabloids or industry myths (or that some wish for) or in some customer environments, as well as for some vendors or their products that can be the case.

However, IMHO for many other environments (and vendors) the answer is no, granted some will continue to evolve from legacy high-end enterprise class storage systems to mid-range or to appliance or VSA or something else.

There is still life in many of the storage system architectures, platforms and products that have been declared dead for over a decade.

Continue reading about the specifics of the EMC VMAX 10K announcement in the next post in this series here. Also check out Chuck’s EMC blog to see what he has to say.

Ok, nuff said (for now).

Cheers gs

Greg Schulz – Author Cloud and Virtual Data Storage Networking (CRC Press, 2011), The Green and Virtual Data Center (CRC Press, 2009), and Resilient Storage Networks (Elsevier, 2004)

twitter @storageio


Enabling Bitlocker on Microsoft Windows 7 Professional 64 bit

Updated 6/24/18

A while back, I added a new laptop that required Enabling Bitlocker on Microsoft Windows 7 Professional 64 bit. At that time some of my other devices ran Windows 7 Ultimate 32 bit with Bitlocker security encryption enabled (since upgraded to various Windows 10 editions). However back then, I ran into a problem getting Bitlocker to work on the 64 bit version of Windows 7 Professional.

Yes I know I should not be using Windows and I also have plenty of iDevices and other Apple products lying around. Likewise to the security pros and security arm-chair quarterbacks, I know I should not be using Bitlocker, instead using Truecrypt, of which I have done some testing and may migrate to in the future along with self-encrypting devices (SED).

However let’s stay on track here ;).


The problem that I ran into with my then new Lenovo X1 was that it came with Windows 7 Professional 64 bit, which has a few surprises when trying to turn on Bitlocker drive encryption. Initializing and turning on the Trusted Platform Module (TPM) management was not a problem, however for those needing to figure out how to do that, check out this Microsoft TechNet piece.

The problem was as simple as not having a tab and easy way to enable Bitlocker Drive Encryption with Windows 7 Professional 64 bit. After spending some time searching around various Microsoft and other sites to figure out how to hack, patch, script and do other things that would take time (and time is money), it dawned on me. Could the solution to the problem be as simple as upgrading from the Professional version of Windows 7 to Windows 7 Ultimate?

Update: 6/25/18

While this post is about Windows 7, there are some new challenges with Windows 10 Bitlocker and removable devices including USB. These new issues are tied to Windows 10 running in BIOS instead of UEFI boot mode.

Here are some additional Windows 10 Bitlocker related resources:

  • Via Microsoft: Bitlocker Frequently Asked Questions
  • Via Microsoft: Bitlocker Overview and Requirements
  • Via Intel: Converting Windows Installation from BIOS to UEFI

    The answer was going to the Microsoft store (or Amazon among other venues) and for $139.21 USD (with tax) purchase the upgrade.

    Once the transaction was complete, the update was automatic and within minutes I had Bitlocker activated on the Lenovo X1 (TPM was previously initiated and turned on), a new key was protected and saved elsewhere, and the internal Samsung 830 256GB Solid State Device (SSD) was initializing and encrypting. Oh, fwiw, yes the encryption of the 256GB SSD took much less time than on a comparable Hard Disk Drive (HDD) or even an HHDD (Hybrid HDD).

    Could I have saved the $139.21 and spent some time on a workaround? Probably; however, as I did not have the time or interest to go that route, IMHO for my situation it was a bargain.

    Sometimes spending a little money, particularly if you are short on or value your time, can be a bargain, as opposed to if you are short on money however long on time.

    I found the same to be true when I replaced the internal HDD that came with the Lenovo X1 with a Samsung 256GB SSD, in that it improved my productivity for writing and saving data. For example, in the first month of use I estimate easily two to three minutes of time saved per day waiting on things to be written to HDDs. In other words, two to three minutes times five days (10 to 15 minutes) times four weeks (40 to 60 minutes) starts to add up (e.g. small amounts or percentages spread over a large interval add up); more on using and justifying SSD in a different post.


    If your time is not of value or you have a lot of it, then the savings may not be as valuable. On the other hand, if you are short on time or have a value on your time, you can figure out what the benefits are quite quickly (e.g. return on investment or traditional ROI).

    Where To Learn More

    Learn more about Windows, Bitlocker and related topics

    Additional learning experiences along with common questions (and answers), as well as tips can be found in Software Defined Data Infrastructure Essentials book.


    What This All Means

    The reason I bring the topic of time and money into this discussion about Bitlocker is to make a point that there are situations where spending some time has value, such as for learning, the experience, fun or simple entertainment aspect, not to mention a shortage of money. On the other hand, sometimes it is actually cheaper to spend some money to get to the solution or result as part of being productive or effective. For example, other than spending some time browsing various sites to figure out that there was an issue with Windows 7 Professional and Bitlocker, time that was educational and interesting, the money spent on the simple upgrade was worth it in my situation. While many if not most of you have since upgraded to Windows 8 or Windows 10, some may still have the need for Enabling Bitlocker on Microsoft Windows 7 Professional 64 bit.

    Ok, nuff said, for now.

    Gs

    Greg Schulz – Microsoft MVP Cloud Data Center Management, VMware vExpert 2010-2018. Author of Software Defined Data Infrastructure Essentials (CRC Press), as well as Cloud and Virtual Data Storage Networking (CRC Press), The Green and Virtual Data Center (CRC Press), Resilient Storage Networks (Elsevier) and twitter @storageio. Courteous comments are welcome for consideration. First published on https://storageioblog.com any reproduction in whole, in part, with changes to content, without source attribution under title or without permission is forbidden.

    All Comments, (C) and (TM) belong to their owners/posters, Other content (C) Copyright 2006-2024 Server StorageIO and UnlimitedIO. All Rights Reserved. StorageIO is a registered Trade Mark (TM) of Server StorageIO.

    Securing data at rest: Self Encrypting Disks (SEDs)

    Here is a link to a recent guest post that I was invited to do over at The Virtualization Practice (TVP) pertaining to Self Encrypting Disk (SEDs).

    Based on the Trusted Computing Group (TCG) DriveTrust and OPAL disk drive security models, SEDs offload encryption to the disk drive while complementing other encryption security solutions to protect against theft or lost storage devices. There is another benefit of SEDs, however, which is simplifying the process of decommissioning a storage device safely and quickly.

    If you are not familiar with them, SEDs perform encryption within the hard disk drive (HDD) itself using the onboard processor and resident firmware. Since SEDs only protect data at rest, other forms of encryption should be combined to protect data in flight or on the move.

    There is also another benefit of SEDs in that for those of you concerned about how to digitally destroy, shred or erase large capacity disks in the future, you may have a new option. While intended for protecting data, a byproduct is that when a SED is removed from the system or server or controller that it has established an affinity with, its contents are effectively useless until reattached. If the encryption key for a SED is changed, then the data is instantly rendered useless, or at least for most environments.
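To make the lock and key-change behavior described above concrete, here is an added toy model (not code from the original post or from any drive vendor). It assumes the drive keeps its media key wrapped under a key derived from a host credential, uses a hash-based keystream as a stand-in for the drive's hardware cipher, and all names in it are hypothetical.

```python
import hashlib, hmac, os

SECTOR = 512

def keystream(key, lba, length):
    # Stand-in for the drive's hardware cipher: SHA-256 in counter mode per sector.
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + lba.to_bytes(8, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class ToySED:
    """Simplified model; names and layout are hypothetical, not a TCG interface."""
    def __init__(self, credential):
        self.media = {}                 # lba -> ciphertext as stored on the media
        self.salt = os.urandom(16)
        self._install_new_key(credential)
    def _kek(self, credential):         # key-encrypting key derived from the credential
        return hashlib.pbkdf2_hmac("sha256", credential, self.salt, 50_000)
    def _install_new_key(self, credential):
        self.mek = os.urandom(32)       # media encryption key, generated inside the drive
        kek = self._kek(credential)
        body = xor(self.mek, keystream(kek, 0, 32))
        self.wrapped = body + hmac.new(kek, body, "sha256").digest()

    def lock(self):                     # power loss or removal from the host
        self.mek = None
    def unlock(self, credential):
        kek = self._kek(credential)
        body, tag = self.wrapped[:32], self.wrapped[32:]
        if not hmac.compare_digest(tag, hmac.new(kek, body, "sha256").digest()):
            return False
        self.mek = xor(body, keystream(kek, 0, 32))
        return True

    def _require_unlocked(self):
        if self.mek is None:
            raise PermissionError("drive is locked")
    def write(self, lba, data):
        self._require_unlocked()
        block = data.ljust(SECTOR, b"\0")[:SECTOR]
        self.media[lba] = xor(block, keystream(self.mek, lba, SECTOR))

    def read(self, lba):
        self._require_unlocked()
        return xor(self.media[lba], keystream(self.mek, lba, SECTOR))

    def crypto_erase(self, credential):
        # Key change: the old ciphertext stays on the media, but its key is gone.
        self._require_unlocked()
        self._install_new_key(credential)

def demo():
    cred, secret = b"constructed-credential", b"constructed sample record"
    drive = ToySED(cred)
    drive.write(7, secret)
    r = {"plaintext_when_unlocked": drive.read(7).rstrip(b"\0") == secret,
         "media_holds_ciphertext": secret not in drive.media[7]}
    drive.lock()
    r["wrong_credential_rejected"] = not drive.unlock(b"guess")
    r["right_credential_unlocks"] = drive.unlock(cred)
    drive.crypto_erase(cred)
    r["unreadable_after_key_change"] = secret not in drive.read(7)
    return r
```

Calling `demo()` returns a dictionary of checks; the last one shows that after the key change the same sectors still read back, but only as noise.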

    Learn more about SEDs here and via the following links:

    • Self-Encrypting Drives for IBM System x
    • Trusted Computing Group OPAL Summary
    • Storage Performance Council (SPC) SED and Non SED benchmarks
    • Seagate SED information
    • Trusted Computing Group SED information

    Ok, nuff said.

    Cheers gs

    Greg Schulz – Author Cloud and Virtual Data Storage Networking (CRC Press), The Green and Virtual Data Center (CRC Press) and Resilient Storage Networks (Elsevier)
    twitter @storageio


    March and Mileage Mania Wrap-up

    Today’s flight to Santa Ana (SNA) Orange County California for an 18 hour visit marks my 3rd trip to the left coast in the past four weeks that started out with a trip to Los Angeles. The purpose of today’s trip is to deliver a talk around Business Continuance (BC) and Disaster Recovery (DR) topics for virtual server and storage environments along with related data transformation topic themes, part of a series of on-going events.

    Planned flight path from MSP to SNA courtesy of Northwest Airlines, now part of Delta

    This is a short trip to southern California in that I have to be back in Minneapolis for a Wednesday afternoon meeting followed by keynoting at an IT Infrastructure Optimization Seminar in downtown Minneapolis Thursday morning. Right after the Thursday morning session, it’s off to the other coast for some Friday morning and early afternoon sessions in the Boston area, the results of which I hope to be able to share with you in a not so distant future posting.

    Where has March gone? It’s been a busy and fun month out on the road with in-person seminars, vendor and user group events in Minneapolis, Los Angeles, Las Vegas, Milwaukee, Atlanta, St. Louis, Birmingham, Minneapolis for CMG user group, Cincinnati and Orange County, not to mention some other meetings and consulting engagements elsewhere including participating in a couple of webcasts and virtual conference/seminars while on the road. Coverage and discussion around my new book "The Green and Virtual Data Center" (CRC) continues to expand, read here to see what’s being said.

    What has made the month fun in addition to traveling around the country is the interaction with the hundreds of IT professionals from organizations of all size hearing what they are encountering, what their challenges are, what they are thinking, and in general what’s on their mind.

    Some of the common themes include:

  • There’s no such thing as a data recession, however the result is doing more with less, or, with what you have
  • Confusion abounds around green hype including carbon footprints vs. core IT and business issues
  • There is life beyond consolidation for server and storage virtualization to enable business agility
  • Security and encryption remain popular topics, as does heterogeneous and affordable key management
  • End to end IT resource management for virtual environments is needed that is scalable and affordable
  • Performance and quality of service cannot be sacrificed in the quest to drive up storage utilization
  • Clouds, SSD (FLASH), Dedupe, FCoE and Thin Provisioning among others are on the watch list
  • Tape continues to be used complementing disks in tiered storage environments along with VTLs
  • Dedupe continues to be deployed and we are just seeing the very tip of the ice-berg of opportunity
  • Software licensing cost savings or reallocation should be a next step focus for virtual environments
  • Now, for a bit of irony and humor, overheard was a server sales person talking to a storage sales person comparing notes on how they are missing their forecasts as their customers are buying fewer servers and storage now that they are consolidating with virtualization, or using disk dedupe to eliminate disk drives. Doh!!!

    Now if those sales people can get their marketing folks to get them the play book for virtualization for business agility, improving performance and enabling business growth in an optimized, transformed environment, they might be able to talk a different story with their customers for new opportunities…

    What’s on deck for April? More of the same, however also watch and listen for some additional web based content including interviews quotes and perspectives on industry happenings, articles, tips and columns, reports, blogs, videos, podcasts, webcasts and twitter activity as well as appearances at events in Boston, Chicago, New Jersey and Providence among other venues.

    To all of those who came out to the various events in March, thank you very much and look forward to future follow-up conversations as well as seeing you at some of the upcoming future events.

    Cheers gs

    Greg Schulz – Author Cloud and Virtual Data Storage Networking (CRC Press, 2011), The Green and Virtual Data Center (CRC Press, 2009), and Resilient Storage Networks (Elsevier, 2004)

    twitter @storageio
